ShopSite Forums

[gkrehbiel]

Is there a way to pass customer information in a query parameter so that when the customer goes into the cart some of the data is pre-populated?

For example, if I send traffic to this page from an email campaign -- http://store.kiplinger.com/family_records_organizer.html -- it would be nice to be able to include customer information in the link so the customer doesn't have to enter it.

It seems that this would make mobile commerce a lot easier, since most people don't like filling in forms on mobile devices.

I'm running ShopSite Pro 10 sp2 r2

Thanks,

Greg

[Jim]

No.

If the shopper has been to the site before then a cookie will contain some information about them (unless you have set the store to delete cookies when an order is competed). The first shopping cart screen will contain the zip code they entered previously. The billing screen will contain both billing and the shipping address they used on the last order. Payment info such as credit card type, numbers, etc is not kept in the cookie so they will always have to fill in that information.

If you have customer registration enabled and the shopper has created an account previously that information will also be available to them when they login again. Note that in this case credit cart info might be kept if you as a merchant allow it and the shopper says for it to be kept, however it is not in a cookie, it is kept in the customer registration database. Keeping the credit card info would more than likely not be PCI compliant.

[gkrehbiel]

Thanks for the info. I think it would be a nice enhancement.

[Jim]

One of the PCI compliance issues that we run into is cross-site scripting. That is where someone tries to pass parameters in a url that will allow the browser to be hijacked and send the shopper to a different location than they think they are going to. We must examine every parameter passed to see that there isn't bogus info in the parameter. We can control that if we know what to expect. However, if we were to allow a parameter that could accept unknown data, that would be a definite place where individuals intent on cross-site scripting could attack.

[gkrehbiel]

Yes, I get that. But it seems that if you limited the parameters that could be passed to some basic things -- first name, last name, address, etc. -- that couldn't be used for those purposes.

[Jim]

Could you use a cookie to keep the information and then read the cookie on the page you want it displayed on?